Re: [DNSOP] ALT-TLD and (insecure) delgations.
Bob Harold <rharolde@umich.edu> Wed, 01 February 2017 21:09 UTC
Return-Path: <rharolde@umich.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B993B12957F for <dnsop@ietfa.amsl.com>; Wed, 1 Feb 2017 13:09:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umich.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VSLYPGXl6bqb for <dnsop@ietfa.amsl.com>; Wed, 1 Feb 2017 13:09:26 -0800 (PST)
Received: from mail-yw0-x234.google.com (mail-yw0-x234.google.com [IPv6:2607:f8b0:4002:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE160126FDC for <dnsop@ietf.org>; Wed, 1 Feb 2017 13:09:25 -0800 (PST)
Received: by mail-yw0-x234.google.com with SMTP id v200so75106460ywc.3 for <dnsop@ietf.org>; Wed, 01 Feb 2017 13:09:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6ne1NEYTbkOZ5w9vgC8/6bPiDJn4aSwMXn72XAqEBQs=; b=M8jLIbVAkN7bte3oLQxvLXZIewvbP80iU2fT4GyYnetGZQKmOqrOvfXfpt3wn9Oxdo cViC4IoRYyIS2+6tRlWv83CvoOQXo56jYUtPf9v25BvpV74Sy9Q9rSEhqAa1DvBPW6XY obPidTUbg9KeuTVBKw0p3qQuh1HoDBioJVoYhy9lzlIC2Cj7snrCpbM+UvOwzY35GveB pOAUwbxxfk6+0y5is14P8ZlawI3gDTDXz9NRVMbeNLkwyJGshglurzoMBCen7NdgY/56 s1vMWacUDa08PRq/BMXYoMJIBXidZexSS5SEAKKIwpngc0oYHs4jAM9CI1T/fC/u50th eQ5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6ne1NEYTbkOZ5w9vgC8/6bPiDJn4aSwMXn72XAqEBQs=; b=mon+yfNPc4j2TcGE5sZObN2L6bfqXQ+jq6Uv27UCdl610x81OH+/gfbSQW2+Eww9hg nu1PBXG9KltAA6NXwTNrUT5jRJNhXX4Yd+HDEw7S6/rD9WpGHQpUocgpo/S74dA/LUzZ 2008hPnJABtvMLXBTeZ7UvaS0bLK/5O/rgDN8f5n7959aTRJS5EQyof2mhK2Gp3vsOsR tBbkceU6vTKDMVz2lkpRdvgQaBwiN0Efk/0NXHE88M6BjVoh6JbscYWU22w8UHDyRSWQ PsgNotH0F1yAaHppPxcNY+ewqPZxfuCGjJ3VFG461PmfI+Tn1Sg8Pa+egpP1ax4+4uMH bdyg==
X-Gm-Message-State: AIkVDXKBFrBrZkdB8dxD34F+BCW/vol2gmiUh48PB/4rjDwXY4bM5ut+FWNiOZYBuaXxwo7HTddo8zNUgOcitW1y
X-Received: by 10.129.81.12 with SMTP id f12mr3310355ywb.80.1485983364896; Wed, 01 Feb 2017 13:09:24 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.237.68 with HTTP; Wed, 1 Feb 2017 13:09:24 -0800 (PST)
In-Reply-To: <1B8E640B-C38E-4B76-A73D-7178491A9D7B@fugue.com>
References: <CAHw9_i+8PA3FQx8FqW-xQ_96it7k-g5UrMB7fxARUi1gwQ++hw@mail.gmail.com> <CA+nkc8AhLe7nbPRkGixi93SGNZQhw+TACUDa8=pGsWM5YHJE0w@mail.gmail.com> <C75FC005-ED38-436B-A93E-C2D2B7CDDE9C@gmail.com> <1B8E640B-C38E-4B76-A73D-7178491A9D7B@fugue.com>
From: Bob Harold <rharolde@umich.edu>
Date: Wed, 01 Feb 2017 16:09:24 -0500
Message-ID: <CA+nkc8DwZpnZr3k0XwEz80=_ofnti8XCsyiWQZvU4qAw7XB1SA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Content-Type: multipart/alternative; boundary="001a114630189bb40c05477e7674"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OEFlIJfelTgGrIM-utEAaTHLpc0>
Cc: dnsop <dnsop@ietf.org>, Ralph Droms <rdroms.ietf@gmail.com>
Subject: Re: [DNSOP] ALT-TLD and (insecure) delgations.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Feb 2017 21:09:27 -0000
On Wed, Feb 1, 2017 at 3:58 PM, Ted Lemon <mellon@fugue.com> wrote: > On Feb 1, 2017, at 3:50 PM, Ralph Droms <rdroms.ietf@gmail.com> wrote: > > It appears to me that requesting an insecure delegation is the right thing > to do, as a "technical use". We have, so far, been very careful in what we > ask for. If ICANN does not agree, then we can discuss other options. > > > I agree. > > > I'm confused. The .ALT TLD is expected to be used for non-DNS name > lookups. So isn't a secure denial of existence exactly what we want for > .ALT? What is the utility in having an un-signed delegation? > > As I understand it, the idea is that if someone incorrectly looks up a .alt name in DNS, we want an answer that causes the requester and recursive resolver to not ask again, both to reduce traffic to the roots, and to minimize leakage of information. If querying 'something.alt', a delegation would be cached at the '.alt' level, but an NXDOMAIN would be cached as 'something.alt', and 'other.alt' would not be covered. -- Bob Harold
- [DNSOP] ALT-TLD and (insecure) delgations. Warren Kumari
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Robert Edmonds
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Bob Harold
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ralph Droms
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Mark Andrews
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Bob Harold
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Mark Andrews
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ralph Droms
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ralph Droms
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Warren Kumari
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Warren Kumari
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Mark Andrews
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Stephane Bortzmeyer
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Suzanne Woolf
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Suzanne Woolf
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Suzanne Woolf
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ralph Droms
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Andrew Sullivan
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. George Michaelson
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Andrew Sullivan
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Andrew Sullivan
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ray Bellis
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Mark Andrews
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Mark Andrews
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Suzanne Woolf
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Olafur Gudmundsson
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. John Levine
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. John R Levine
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ólafur Gudmundsson
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Jim Reid
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ralph Droms
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ray Bellis
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ólafur Gudmundsson
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Suzanne Woolf
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ray Bellis
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Suzanne Woolf
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ray Bellis
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Tony Finch
- Re: [DNSOP] ALT-TLD and (insecure) delgations. John Levine
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ray Bellis
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Woodworth, John R
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Stephane Bortzmeyer
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Stephane Bortzmeyer
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Ted Lemon
- Re: [DNSOP] ALT-TLD and (insecure) delgations. Stephane Bortzmeyer